Five individuals and one company with ties to spyware developer Intellexa are the latest to earn sanctions as the US expands efforts to stamp out spyware.

The latest sanctions from the Department of the Treasury's Office of Foreign Assets Control (OFAC) follow initial action taken in July 2023, when Intellexa itself was added to the list after being deemed a potential threat to national security.

Intellexa is on the naughty list for developing the Predator spyware, similar to NSO Group's Pegasus - which arguably carries a little more notoriety - yet Intellexa also has all the features you definitely don't want running on any of your devices.

Phone calls, messages, GPS data, and microphone and camera access - among others - are all believed to be compromised if the software, which can run silently on iOS and Android, worms its way onto a device.

After going a little quiet earlier this year, researchers recently spotted evidence of new Predator infrastructure popping up in African countries like the Democratic Republic of the Congo and Angola, suggesting Intellexa was hardly bothered by its initial OFAC sanctioning.

Insikt Group, Recorded Future's threat intel arm, identified various other potential customers of Predator spyware in March. These included Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago.

Included among the five individuals to be sanctioned is Greek businessman Felix Bitzios, the majority shareholder at Intellexa. Bitzios has also acted as a manager of the company, as has senior executive Merom Harpaz, who was sanctioned alongside him.

Andrea Nicola Constantino Hermes Gambazzi, the Swiss-born Emirates-based owner of Intellexa's parent company, Thalestris Limited, which also has distribution rights for Predator and is already designated by the OFAC, joins Bitzios. Panagiota Karaoli is a director of multiple Thalestris subsidiaries, the OFAC said, which is why the Cypriot has now also earned a spot on the list.

Artemis Artemiou is the last individual to be added to this round of sanctions. Artemiou is described as the general manager and board member at Cytrox Holdings - the Hungary-based company responsible for developing earlier versions of Predator before production moved to Cytrox AD, located in North Macedonia. The company is part of the Intellexa Consortium and was first designated in 2023 for trafficking vulnerability exploits.

Finally, Aliada Group is based in the British Virgin Islands and is described as an enabler of transactions for Intellexa valued at tens of millions of dollars. It's currently directed by Tal Jonathan Dilian, who founded the Intellexa Consortium, the OFAC said.

"The United States will not tolerate the reckless propagation of disruptive technologies that threaten our national security and undermine the privacy and civil liberties of our citizens," said Bradley T Smith, acting under secretary of the Treasury for terrorism and financial intelligence. 

"We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards."

Costly spyware

As The Register previously reported, the commercial spyware market is worth big bucks - approximately $12 billion a year - and, according to experts, "appears to be booming."

Purchase prices of kit such as Predator and Pegasus don't come cheap, since they're pre-loaded with exploit chains that harness various zero-day vulnerabilities - valuable stuff for anyone operating on either side of the cybersecurity game.

Amnesty International's Security Lab republished a leaked price proposal for Predator in 2022 after it was leaked on the XSS cybercrime forum. The proposal was for a package deal including both Predator and Nova, Intellexa's data analysis system. The price was set at €8 million ($8.9 million at today's exchange rate).

Considering the dirt such software could unearth on targets of interest, it's easy to see why some states can justify the expenditure.

Targets typically include government figures, journalists, and human rights activists, but this could feasibly be extended to wider and less specific pools of people in civil society too.

Apple drops NSO Group lawsuit

In other news, Apple has reportedly abandoned its plan to sue Israeli Pegasus peddler NSO Group.

The iGiant announced its intention to impose costs on the spyware maker in 2021, but recently cited concerns that proceeding with litigation might expose sensitive details that could harm the cybersecurity community if revealed in open court.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi, Apple's senior vice president of software engineering in 2021. 

"Apple devices are the most secure consumer hardware on the market - but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we're constantly working to strengthen the security and privacy protections in iOS to keep all our users safe."

Pegasus spyware used what's referred to as the FORCEDENTRY exploit to break into iOS and install itself on targeted devices. The exploit, which involved specially crafted iMessage messages, required no interaction from the victim (zero-click) for it to be carried out.

NSO Group unsuccessfully attempted to get Apple's case thrown out earlier this year, but has now had its wish granted by Apple itself, the Washington Post reported on Friday.

Apple maintains its claims are still valid but now feels that by going to trial, critical threat intelligence would come to light that may lead the growing commercial spyware ecosystem to develop workarounds for Apple's anti-spyware protections. ®

https://www.theregister.com//2024/09/17/predator_spyware_sanctions/